New York Inn of Court CLE - July 2020
What is Bitcoin?
What is Money?
• Functions as a medium of exchange.
• Forms the basis of the credit system.
• Acts as a store of value.
• Can be used as a unit of account.
INN OF COURT | 2020
Why is Bitcoin Different?
• Digital Currency
• Not attached to a State/Government
• No Issuing or Regulatory Authority
• No Central Bank
• Near Instant Global Transactions
How Does Bitcoin Work? Peer-to-Peer Networks
How Does Bitcoin Work? Cryptography
How Does Bitcoin Work? Consensus
Use Cases - Moving onwards and upwards
Supply Chain, The "Unbanked", Financial Services, Healthcare Payments, Voter Verification
"I-CO" or "I.C.O."?
BUSINESS REVIEW | 2020
Thank you!
The Three Stages of an ICO
• Private Sale
• Pre Sale
• Crowdsale
THE PITCH: SCAMCOIN
• Coins, Not Shares
• Utility Tokens
• Anonymous Payment
IS SCAMCOIN A SECURITY?
SEC ENFORCEMENT ACTIONS
REGISTRATION OF SECURITIES REQUIRED PURSUANT TO THE SECURITIES ACT
• Section 5(a) provides that, unless a registration statement is in effect, it is unlawful for any person to engage in the offer or sale of securities in interstate commerce.
• Section 5(c) provides a similar prohibition against offers to sell, or offers to buy, unless a registration statement has been filed.
• Violations of Section 5 do not require scienter. But there might be a fraud here.
Definition of Security
• Security defined in Section 2(a)(1) of the Securities Act and Section 3(a)(10) of the Exchange Act as a number of possibilities
• What is an investment contract?
The Howey Test
• It is a flexible test, one that is capable of adaptation to meet the countless and variable schemes devised by those who seek the use of the money of others on the promise of profits.
• In analyzing whether something is a security, “form should be disregarded for substance,”
• “emphasis should be on economic realities underlying a transaction, and not on the name appended thereto.”
Cryptocurrencies typically analyzed under the Howey test – See, e.g., SEC Release No. 81207 (the “DAO Report”)
• Investment of Money
• Common Enterprise
• With a Reasonable Expectation of Profits
• Derived from the Managerial Efforts of Others
Common Enterprises
• There are three ways of showing the existence of a common enterprise.
• Horizontal commonality
• Vertical commonality
• Narrow vertical commonality
With a Reasonable Expectation of Profits
• The Supreme Court has recognized an expectation of profits in two situations.
• These situations are to be contrasted with transactions in which an individual purchases a commodity for personal use or consumption.
Derived from the Managerial Efforts of Others
• The central issue is “whether the efforts made by those other than the investor are the undeniably significant ones, those essential managerial efforts which affect the failure or success of the enterprise.”
• The requirement is satisfied if “the efforts made by those other than the investor are the undeniably significant ones, those essential managerial efforts which affect the failure or success of the enterprise.”
July 17, 2020
Consultation on Ransomware Attack
Law Offices of Darke Webb & Malwarre LLP
Legal Consultation on Ransomware Attacks and Related Issues
Reporting Requirements – Overview
• Reporting Requirements can vary across several areas
  – Sources of Reporting Requirements
  – Time Frames
  – What Constitutes a Reportable Event
• Sources of Reporting Requirements
  – There are various federal, state, and international sources of reporting requirements, including
    • Federal (GLBA, HIPAA)
    • States (All 50)
    • International (GDPR)
Sources of Reporting Requirements (State)
• Each of the 50 states has its own breach notification requirements.
  – Notable states include NY and California
• In fact, NY has two different data breach notification requirements.
  – 23 NYCRR 500 (Part 500)
  – NY SHIELD Act
Time Frames/Reportable Events
• Examples of Time Frames
  – NY-DFS and GDPR
    • No later than 72 hours
  – NY SHIELD Act and California civil code
    • The disclosure shall be made in the most expedient time possible and without unreasonable delay
• What Constitutes a Reportable Event
  – Data + encryption key
    • State data breach notification laws commonly provide an exception to breach notification where the data is encrypted and only the data, but not the encryption key, has been compromised.
  – See e.g., (Cal Civ Code § 1798.82)
Case Study - 23 NYCRR 500.17
• NY-DFS as an example
  – Must report a Cybersecurity Event that is either of the following:
    • (1) Cybersecurity Events impacting the Covered Entity of which notice is required to be provided to any government body, self-regulatory agency or any other supervisory body; or
    • (2) Cybersecurity Events that have a reasonable likelihood of materially harming any material part of the normal operation(s) of the Covered Entity.
  – Cybersecurity Event means any act or attempt, successful or unsuccessful, to gain unauthorized access to, disrupt or misuse an Information System or information stored on such Information System.
Many companies obtain specific insurance policies targeted to cover:
• Cyber extortion / ransomware (covers the demanded payment itself)
• Computer hardware / software / data loss
• Privacy and data breach liability
• Business interruption / denial of service attack / lost income
• Loss of business reputation
• Media or web content liability
What’s the Password? https://youtu.be/a6iW-8xPw3k
Ransomware/Incident Response Overview
• (1) Ransomware Lifecycle
• (2) Mitigating Controls
• (3) Incident Response
Early Ransomware
• Appeared around 2012
• “Retail” – one computer at a time
• Mass targeting – spam emails, automated attacks, etc.
2016 “Enterprise” Ransomware
• Samsam Ransomware
• Attacks organizations
• Sophisticated hacking techniques
Ransomware Today
• Many Ransomware Groups (Maze, Ryuk, Lazarus, Evil Corp...)
• More resources, more expertise = more attacks
• Ransomware costs still on the rise
  – The average cost of a ransomware attack doubled from Q4 2018 to Q4 2019.
  – The potential cost of ransomware in the United States in 2019 was over $7.5 billion.
• New in 2020: Data theft becomes common
Ransomware Lifecycle
• Step 1: Get access to victim network.
• Step 2: Escalate privileges.
• Step 3: Deploy ransomware and encrypt victim network.
• Step 4: Arrange payment via digital currency.
• Step 5: Profit!
Don’t be a Victim: Stopping a Ransomware Attack
• Prevent Them from Getting in (Deny Initial Access)
  – Employee Awareness and Anti-Phishing Training
  – Perimeter Security (Network Monitoring and Intrusion Detection)
  – Ensure Systems/Network up-to-date (Patch Management)
• Prevent Hackers from Escalating Privileges
  – Password/Access Management
• Most of all: An empowered CISO, governance, and controls!
Mitigating and Recovering from an Attack
Start before the attack!
• Offline and secure backups of data/systems
  – Make sure you back up everything you need, and test it
• Access logs/audit trails
  – Need to identify what systems/data were impacted
• Incident Response Plan
  – Comprehensive & test it!
After the attack:
• Investigate how the cyberattack occurred, repair vulnerabilities, remove backdoors
• Restore systems
Attendance Verification for CLE Credit
Course Code: CC17
Please email signed CLE form to Janet Sanchez, janetsanchez@velaw.com
Questions?